Re: bin/72138: libc.so.5 isn't installed in a safe way

From: Xin LI <delphij_at_frontfree.net>
Date: Tue, 28 Sep 2004 23:35:37 +0800
On Tue, Sep 28, 2004 at 10:38:23AM +0200, Matthias Andree wrote:
> I must say that although Xin's patch will certainly work well to address
> my original PR, I like Ruslan's idea better, because it appears to work

Yes, I like it too :-)  Ruslan's patch is apparently better because it
also protected other shared libraries.

> for all precious libraries, not just libc. But there is more "precious"
> stuff, /bin, /sbin, /boot (including kernel), /rescue (I was glad I had
> the latter, otherwise my system would have been dead.)
>
> Using -S for the whole system might be a bit slow without softupdates
> (or async, which I do not favor) but would not be a bad idea from a
> robustness point of view which I personally prefer.

I think the slowdown would not be too much for this issue.  For a
filesystem without SoftUpdates enabled, the operations are:

	- Increase the inode reference count in preparation of referencing it
	- Add a new entity for the 'canonical' name and reference the inode
	- Remove the old entry for the 'temporary' name
	- Decrease the reference count back 

Of course, with a synchronously mounted file system, you will initialize four
disk writes, however, the majority of metadata update, say, the file block
descriptions (i.e. storage bitmaps, etc) were already written on disk, so
this (theoretically) won't be a big impact.

My only concern of having -S for the whole installation is that when we
terminate it (accidentally or intentionally), we may leave some file like
install.Xb5Q7c or something like it, which is not so easy to cleanup until
the next time we have a ``make installworld''.  What's more, I think it is
easy for any user to use ``make "INSTALL=install -CS" installworld'' if
they really need the functionality.  Without having -S for the whole
installation gives more flexibility, while having -S for shared libraries
would protect users from having their system in a horrible state (after
all, having a bad rtld-elf.so or libc.so is not something interesting :-)

So I personally prefer we have -S for the shared libraries (as Ruslan's
patch did) - and give our user community the choice of whether to have
INSTALL=install -S in their make.conf.

What do you think about this?

Cheers,
-- 
Xin LI <delphij frontfree net>	http://www.delphij.net/
See complete headers for GPG key and other information.


Received on Tue Sep 28 2004 - 13:37:28 UTC
